An embedded system is a data processing system that resides within a larger mechanical or electrical entity and that includes one or more different modules for performing one or more dedicated functions, respectively. In addition, one or more of those dedicated functions may need to satisfy real-time computing (RTC) constraints. For instance, functions may need to respond within a time on the order of milliseconds or microseconds.
Many different kinds of entities may include embedded systems. For instance, embedded systems may be used in buildings, in robots, in vehicles, etc. Such vehicles may include, without limitation, conventional cars and trucks, unmanned (“autonomous”) cars and trucks, manned aircraft, unmanned aircraft (“drones”), spacecraft, etc. A vehicle, for instance, may include an embedded system that includes a central host module and various auxiliary modules, such as an engine control unit (ECU), tire pressure monitoring sensors (TPMSs), etc. In addition, to implement an advanced driver assistance system (ADAS), the vehicle's embedded system may include modules such as cameras, vision coprocessors, machine-learning modules, etc. For purposes of this disclosure, an entity with an embedded system may be referred to as a “smart entity.”
Typically, a module within an embedded system is expected or required to perform one or more specific functions. For instance, an embedded system for a smart vehicle may include an ECU that is expected or required to control an engine and to report various engine performance metrics to a host module. Also, when an embedded system is turned on or activated, one or more of the modules within the system may need to be initialized with software that enables those modules to perform their required functions. In other words, a module may use software to perform one or more functions. For purposes of this disclosure, the software that a module uses may be referred to as “firmware.” And each different module may use different firmware. Furthermore, a module may use some parts of its firmware only during the initialization process, and the module may use other parts of its firmware after initialization, during performance of the module's expected or required functions within the embedded system. The portions of firmware that are used for initialization may be referred to as “boot code.”
Furthermore, in some situations, it may be desirable to change or update the firmware for one or more modules within an embedded system. However, the failure of one or more modules within an embedded system may cause dangerous or catastrophic results. Consequently, it is important to protect embedded systems from unauthorized updates and from other types of tampering, such as the unauthorized removal or replacement of one or more modules. In other words, it is important to provide protection against network-based attacks and against physical attacks. The present disclosure describes methods and apparatus to provide firmware protection in embedded systems. In particular, the present disclosure describes one or more embedded systems which use a security coprocessor to provide firmware protection.